idg dd os report - a10 networks · 2021. 8. 5. · a10 networks – idg ddos report: evolving...
TRANSCRIPT
IDG DDoS REPORT EVOLVING STRATEGIES FOR HANDLING TODAY’S COMPLEX & COSTLY THREATS
CONTENTS1
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Executive Summary
One or More Serious Attacks Per Respondent
Size and Magnitude Have Grown Significantly
Multiple Data Centers: A Target-Rich Environment
UDP Flood Continues to Lead the Pack
Measuring the Impact of Downtime
Obstacles to Achieving Better Protection
On-Premises Appliances: The Preferred Solution
Most See Their Current Solutions as Highly Effective
Providing Effective Protection is an Ongoing Challenge
Satisfied, Yes! But Also Open to Change
Automation Tops the List
The Need for Speed
Defense Budgets Up 24%
Who’s Responsible for DDoS Prevention?
About the Survey
1A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
2018
EXECUTIVE SUMMARY
This report summarizes research on distributed denial of service (DDoS) attacks focusing on
trends and developments observed in 2018. Increasingly sophisticated DDoS attacks have
become an inevitable part of the cybersecurity landscape threatening enterprise networks,
Communication Service Providers (CSP), and their customers. As complex new challenges
arise, more and more organizations are seeing the need to fortify their security posture.
2018 Survey Highlights >
2A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
86%
report experiencing one or more
DDoS attack
49%
respondents anticipate
increasing their budgets to
address DDoS threats
DDoS attacks are distributed
across multiple network layers
and leverage multiple vectors —
as before, UDP Flood remains
the most common and most
frequently exploited attack vector
70%
are highly likely to consider changing
their current solution, in contrast to
high effectiveness ratings
83%
consider their current solutions
highly effective in managing
large-scale attacks
Attack types are increasing in
breadth and depth
Rapid detection and mitigation
is the main consideration for
selecting a DDoS solution
Respondents report a preference
for on-premises appliances to
address multi-vector threats
Technical complexity is reportedly
the number one barrier to
bolstering DDoS protection
The emergence of 5G poses
serious new security challenges
for mobile service providers
The majority holds CSPs equally or
more responsible for DDoS prevention
when applications are deployed via a
cloud service provider
More than half of respondents
offer hosted services to third
parties, and 2/3 of those offer
DDoS prevention services
2018 SURVEY HIGHLIGHTS:
3A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
NUMBER OF DDoS ATTACKS – PAST 12 MONTHS
NUMBER OF DDoS ATTACKS – OVER TIME
1%> 25
19%11 to 25
36%6 to 10
31%1 to 5
14%Ø
DDoS attacks have increased in sophistication and intensity, threatening the availability of enterprise services, applications, websites, and networks.
Most survey respondents (86%) report experiencing at least one
DDoS attack in the past 12 months.
ONE OR MORE SERIOUS ATTACK PER RESPONDENT
55%55%
14%
6 TO 25 ATTACKS
2015 2016 2017
1%7%
32%
MORE THAN > 25 ATTACKS
2015 2016 2017
4A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
PERCENT OF DDoS ATTACKS
TARGETING EACH AREAAttack types are increasing in
breadth and depth.
In 2018, 49% of survey respondents reported an average
DDoS attack size of greater than 50 Gbps, while only
10% reported the same in 2015. The research shows
that attack types are increasing in breadth and depth,
distributed across multiple areas of IT infrastructure in
nearly equal proportions.
SIZE AND MAGNITUDE HAVE GROWN SIGNIFICANTLY
AVERAGE DDoS ATTACKS >50 GBPS
49%42%
10%
2015 2017 2018
26% 25%
26%23%
Infrastructure services
(e.g., DNS, CGNAT)
Network capacity
(targeting bandwidth)
Network layer
(firewalls, routers, etc.)
Application layer
(apps, servers)
5A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
EXPERIENCED 5 OR MORE DDoS ATTACKSOnce attackers have identified a good target, they are apt to continue probing other data centers in the same “family.” Consequently, the more data centers an organization operates, the greater its likelihood of being attacked.
Attacks are launched for a variety of reasons. Some are just the
result of random opportunism — thrill-seeking attackers. In some
cases, state-sponsored actors seek to disrupt operations of foreign
adversaries or business competitors. Others are driven by activists
looking to raise awareness for a “pet” cause, be it social or political.
And some attacks are used as a cover for more malicious, intrusive
hacks. Whatever the reason, organizations with more than five data
centers are more frequently targeted, and the average attack size is
considerably larger.
MULTIPLE DATA CENTERS: A TARGET-RICH ENVIRONMENT
AVERAGE DDoS ATTACK >50 GBPS
68%
More than 5 Data Centers
63%
More than 5 Data Centers
39%
1-5 Data Centers
29%
1-5 Data Centers
6A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
Attackers exploit multiple vectors to launch their DDoS attacks.
As in our previous survey, UDP Flood (including DNS Amplification) was the attack vector most
frequently leveraged against respondents’ organizations in the past 12 months. While the overall mix
of vectors remains relatively stable, the scale increased dramatically with all categories up significantly
from the last survey.
UDP FLOOD CONTINUES TO LEAD THE PACK
PERCENT REPORTING ATTACK VECTOR WAS LEVERAGED
UDP FLOOD
UDP FRAGMENT 38%
DNS FLOOD 34%
UDP SYN FLOOD 37%
TCP ACK FLOOD 27%
CLDAP REFLECTION 20%
NTP REFLECTION 22%
HTTP SLOW POST 24%
HTTP GET FLOOD 28%
SNMP FLOOD 21%
ICMP 19%
OTHER 13%
CHARGEN 19%
SSDP FLOOD 17%
NONE 16%
54%
7A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
The average downtime per attack grows as the number of DDoS
attacks increases, indicating inefficient mitigation processes.
While respondents cite a number of factors by which they gauge the
impact, the top response is Time to Service Restoration.
What accounts for the difference? It depends on who’s responding.
Whereas CSOs may see service restoration time as the most
important metric, CIOs will see order-processing uptime as critical.
CEOs are apt to be more concerned about hits to a company’s
reputation seen in the press. Business priorities vary by organization,
and by the teams within them. One may see customer satisfaction
as the primary goal, while keeping the back office up and running as
secondary. DDoS mitigation strategies should be subjected to rigorous
reviews against changing business priorities and the evolving nature of
threats to ensure they continue to meet business objectives.
MEASURING THE IMPACT OF DOWNTIME
71%
47%
52%
36%Press Coverage/
Company Reputation
Time to Service
RestorationCustomer
Satisfaction
Order
Processing
AVERAGE DOWNTIME
1-2 Hours
14%
34%
3-6 Hours
24%
32%
7-12 Hours
36%
27%
13-24 Hours
14%
5%
25-36 Hours
12%
2%
5 or less DDoS attacks
More than 5 DDoS attacks
8A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
Despite the positive reviews for current DDoS solutions, respondents do report limitations. In the current survey, keeping up with the complex array of attack types is identified as the number one barrier to greater DDoS protection:
OBSTACLES TO ACHIEVING BETTER PROTECTION
INTERNAL BARRIERS TO GREATER DDoS PROTECTION
54% 47% 43% 42% 32%
Respondents at organizations with a planned budget increase to address
multi-vector DDoS threats are more likely to cite the cost of detect and
mitigation solutions as a barrier (52% vs. 33% among all others).
Technology/Network Complexity
Operational Costs
Solution Costs
Expertise Gaps
Insufficient Stakeholder Buy-in
9A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
While more than half (53%) of respondents have two or more solutions in place, their preference is clearly for on-premises appliances over other solution types.
Appliances are increasingly seen as the most effective way to address multi-vector DDoS threats and
are more likely to be rated “extremely effective.” However, as appliance use has increased, it appears
that the proportion of other solutions in place remains largely unchanged, suggesting that appliances
are being brought in to reinforce existing protection, rather than to replace it.
ON-PREMISES APPLIANCES: THE PREFERRED SOLUTION
TO ADDRESS MULTI-VECTOR DDoS THREATS
PREFERRED SOLUTION
TO ADDRESS MULTI-VECTOR DDoS THREATS
53%HAVE 2 OR MORE
SOLUTIONS IN
PLACE
42%55%26%50%25%46%
9%26%
ON-PREMISES APPLIANCE
HYBRID
(On-premises with cloudbursting)
OUTSOURCED TO MSSP
HOSTING PROVIDER (incl. CDN)
10A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
When it comes to managing large-scale, multi-vector attacks,
83% of respondents consider their current DDoS protection
solutions to be highly effective. As noted previously, on-premises
appliances are more likely to be rated “extremely effective.” The
confidence expressed in current solutions is likely due to the fact
that organizations are, on average, experiencing less downtime
from DDoS attacks. In 2015, 29% of respondents reported average
downtime of 25 hours or more, compared to only 8% in 2018. Over
the past few years, downtime has shifted from being measured in
days to hours and minutes.
MOST SEE THEIR CURRENT SOLUTIONS AS HIGHLY EFFECTIVE
EFFECTIVENESS OF CURRENT DDoS PROTECTION
1%Not very effective
17%Somewhat
effective
36%Very effective
47%Extremely
effective
EFFECTIVENESS BY TYPE OF SOLUTION IN PLACE
Extremely Effective
Somewhat Effective
Very Effective
Not Very Effective
44%
32%28%
42%40%
48%
14%
24% 25%
4%
On-premises appliance only
Outsourced or hosted solution only
Hybrid solution only
11A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
3%
In the current survey, keeping up with evolving and ever-proliferating attack types and methods is identified as the key challenge
to implementing more effective DDoS protection. The increasing complexity of attacks coupled with increasingly complex,
hybrid infrastructures make the cyber-threat landscape more opaque than ever before. As in 2017, usage cost continues to be an
important consideration. All in all, the challenges have become less daunting on a year-over-year basis, pointing to the increased
efficacy and ease-of-use of DDoS solutions.
PROVIDING EFFECTIVE PROTECTION IS AN ONGOING CHALLENGE
48%
30%
39%
45%
37%
43%
34%
NOT ASKED IN 2017
33%
48%
32%
46%
29%
37%
1%
Types of attacks are complex and diverse
Need broader protection against DDoS attacks
Attacks are coming from too many places
Requires too much manual intervention
Usage is cost prohibitive
(Requires too much processing power)
Inability to integrate different capabilities
Lack granular control for more agile response
Other
None
2018
2017
12A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
Despite rating their existing solutions highly effective, seven in ten respondents (70%) report a high likelihood to consider a change to their DDoS solution currently in place.
The likelihood to switch correlates positively to the number of
attacks experienced. More attacks equal a greater propensity
to try something different. 48% that experienced five or more
attacks said they’re extremely likely to consider a switch.
SATISFIED, YES! BUT ALSO OPEN TO CHANGE
LIKELIHOOD TO CONSIDER A CHANGE TO DDoS
SOLUTION – NEXT 12 MONTHS
36%Extremely
likely
34%Very likely
20%Somewhat
likely
10%Not very likely
1%Not at all
LIKELIHOOD TO CONSIDER A CHANGE – BY THE
NUMBER OF DDoS ATTACKS EXPERIENCED
Extremely
48%
21%
Very
36%31%
Somewhat
14%
27%
Not Very
2%
19%
Not At All
1% 1%
5 or less DDoS attacksMore than 5 DDoS attacks
13A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
The DDoS market is maturing, with more advanced capabilities frequently coming online.
Automated detection and mitigation is still the number one
feature considered when selecting a DDoS solution, up just a
touch over 2017. In general, there have been no major shifts in
opinion over the past year regarding the top desired anti-DDoS
features and capabilities.
AUTOMATION TOPS THE LIST
2018 FEATURE OR CAPABILITY MOST IMPORTANT
IN A DDoS SOLUTION
10%
13%
36%Very effective15%
47%Extremely
effective
15%
16%
25%
7%
Automated detection
and mitigation
Expansive
Policies for
protected objects
Hardware
accelerated traffic processing
Reporting
Custom processors
Programmability
Threat intelligence
feed optimized
for DDoS
Automated detection & mitigation25%24%
Expansive Policies for protected objects16%12%
Programmability15%13%
Hardware accelerated traffic processing15%13%
Threat intelligence feed optimized for DDoS13%15%
Custom processors10%13%
Reporting7%
Rate limit enforcement11%
2018 2017
14A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
IMPORTANCE OF CRITERIA
WHEN SELECTING A DDoS SOLUTION*
*% Ranking Criteria in the Top 3
MOST IMPORTANT POTENTIAL BENEFIT
OF A DDoS SOLUTION
20%17%
14%
13%
37%
Speedy response is what respondents want most in a DDoS solution.
Speed of detection and remediation also rises to the top of the list
when they are asked to rank solution selection criteria. Executives
with the title of CEO, President, or Owner are more likely to rank
“cost-effectiveness” among their top three criteria (55% versus
34% for respondents with other titles). While cost appears to be
a top-of-mind concern, it’s interesting to note that, nevertheless,
nearly one-half of respondents plan to increase their DDoS budget
in the coming year. Clearly, they see the need to keep their level
of protection effective and up to date.
THE NEED FOR SPEED
Speed of
response
Throughput
performance
TCO
(Savings
in POEX,
CAPEX)
Reduced
data center
footprint
(Rack units)
Multi-vector
protection
metrics
Speed of detection & response56%
Cost-effectiveness47%
Breadth of protection against attacks46%
Capacity (in Gbps or Mpps) to mitigate attacks43%
Features and capabilities of the solution40%
Vendor reputation38%
Reporting capabilities32%
15A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
Nearly one-half of respondents (49%) anticipate increases in their
organizations’ budgets to address DDoS threats. Budgets are
expected to increase by 24% on average. While IT security teams still
top the list in terms of responsibility for DDoS prevention, many other
roles including network administrator, security architect, and network
architect have increased in importance since 2015.
Skills and experience across the workforce are increasing, calling for
expanded security budgets. Provisioning protection that is in synch
with evolving business objectives and capable of taking on new and
emerging DDoS threats is clearly a top priority. The fact that cost is
seen as a barrier, yet budgets are increasing, suggests that decision
makers are working harder to secure funding.
DEFENSE BUDGETS UP 24%
EXPECTED CHANGE IN BUDGET
TO ADDRESS MULTI-VECTOR DDoS THREATS
41%No Change
49%Increase
3%Don’t Know
8%Decrease
INDIVIDUALS RESPONSIBLE
FOR DDoS PREVENTION EFFORTS
IT Security
Team
73%86%88%
Network
Team
47%68%
50%
CISO37%
67%67%
CIO 67%52%
31%
Chief Compliance Officer 61%53%
25%
Network Architect 52%31%
22%
Security Architect 55%32%
20%
System Administrator 11%
Other 1%
2018
2017
2015
16A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
WHO’S RESPONSIBLE FOR DDoS PREVENTION?More than half (55%) of survey respondents offer hosted services to
third parties, and two-thirds of those offer DDoS prevention services.
Most respondents believe that service providers hold at least equal
responsibility for DDoS prevention when applications are deployed
via cloud service providers, while one-half (50%) believe service
providers bear the main responsibility.
The evolution of DDoS methods suggests that CSPs need to
enhance their security posture and find better ways to protect critical
infrastructure and their tenants. The continued discovery of new
attack patterns should also prompt enterprises to seek DDoS-proof
service providers. The advent of 5G is forecast to drive exponential
growth in connected IoT devices, dramatically expanding attacks
via DDoS botnets. Analysts predict that DDoS will go hyper-scale
with 5G. To protect their networks and customers from these rapidly
growing threats, mobile service providers will need to leverage
sophisticated DDoS threat intelligence and advanced, automated
detection and mitigation solutions.
20%
50%
30%
PRIMARY RESPONSIBILITY
FOR DDoS PREVENTION
WHEN LEVERAGING
A CSP
The cloud services
provider (CSP)
The client/customer
Both hold equal
responsibility
OFFERING OR CONSIDERING
OFFERING DDoS
PREVENTION
SERVICES
Currently
offering
Considered
offering
Not offering or
considering offering
67%31%
2%
17A10 Networks – IDG DDoS Report: Evolving Strategies for Handling Today’s Complex & Costly Threats
The IDG Connect research survey was conducted on behalf of A10 Networks
in order to analyze the cybersecurity landscape, especially as it pertains
to DDoS threats across select industries. Via an online questionnaire,
200+ respondents from the US and UK were queried at organizations
averaging 6,316 employees. 35% were software, computer services,
telecommunications, and engineering organizations.
Respondent profiles:> Responsibility or oversight for application service
delivery, IT networking or IT security
> CEOs (27%), CIOs (18%), and IT security executives
and staff (35%)
> Knowledgeable of:
– Average Internet access bandwidth
– Number of data centers in operation
– Number of DDoS attacks experienced
over the past 18 months
ABOUT THE SURVEY
Average:
226 Gbps
AVERAGE INTERNET ACCESS
BANDWIDTH FOR A DATA CENTER/COLO
PRESENCE NUMBER OF DATA CENTERS IN OPERATION
< 5 Gbps
5 - 9 Gbps
10 - 19 Gbps
20 - 49 Gbps
50 - 99 Gbps
100 - 299 Gbps
300 - 9999 Gbps
AVERAGE
10
6%
9%
14%
17%
26%
14%
14%
2%
1
2
3
4 - 5
6 - 10
11 - 15
16 - 20
> 20
AVERAGE
226 Gbps
ABOUT A10 NETWORKS
LEARN MORE
C O N TA C T U S
A10 Networks (NYSE: ATEN) provides Reliable Security
Always™ through a range of high-performance solutions that
enable intelligent automation with deep machine learning to
ensure business critical applications are protected, reliable
and always available. Founded in 2004, A10 Networks is
based in San Jose, Calif., and serves customers globally
with offices worldwide.
For more information visit:
ABOUT A10 NETWORKS
©2019 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, Thunder, Lightning, Harmony and SSL Insight are trademarks or registered
trademarks of A10 Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners. A10 Networks assumes no
responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
For the full list of trademarks, visit: www.a10networks.com/a10-trademarks.
Part Number: A10-EB-14116-EN-01 FEB 2019
or tweet @A10Networks
D O W N LO A D
e B O O K
a10networks.com/contact
a10networks.com